Stop, Drop, and Call your Web host – Ghost Linux Vulnerability

I hate being Chicken Little but this one sounds pretty critical:
Highly critical “Ghost” allowing code execution affects most Linux systems | Ars Technica

The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed “Ghost” by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What’s more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come.

I have a VPS at LiquidWeb and when I reached out to them about my server this morning the patch had not been applied. They patched and rebooted the server for me. Here is what I sent them. I suggest you reach out to your web host or sysadmin as well:

Subject: Is this a concern? The vulnerability in the GNU C Library (glibc)
Message Body:

I just read about The vulnerability in the GNU C Library (glibc) on this page:

Has the patch for this been applied to all LW servers? Besides this account I have a handful of client accounts and want to make sure all VPS and Shared servers are up to date.